LVS NAT模型配置示例

1、LVS-NAT基于Cisco的LocalDirector。VS/NAT不需要在RealServer上做任何设置,其只要能提供一个tcp/ip的协议栈即可,甚至其无论基于什么OS。

2、基于VS/NAT,所有的入站数据包均由Director进行目标地址转换后转发至内部的RealServer,RealServer响应的数据包再由Director转换源地址后发回客户端。 

3、VS/NAT模式不能与netfilter兼容,因此,不能将VS/NAT模式的Director运行在netfilter的保护范围之中。


# 注意:各节点间的时间偏差不应该超出1秒钟。

# Director配置NTP服务器:

Director:

yum install ntp

/etc/init.d/ntpd start


Client:

/usr/sbin/ntpdate Director_IP


VS/NAT拓扑示例:

            Client

CIP=192.168.101.253

                |

                |

VIP=192.168.101.168 (eth0)

            Director

  DIP=10.10.10.1 (eth1)

                |

           (switch) ――――――――――

                |                                            |

RIP=10.10.10.11 (eth0)        RIP=10.10.10.12 (eth0)

              RS1                                      RS2


VS/NAT配置示例:

Director IP:

    VIP:192.168.101.168/24

    DIP:10.10.10.1/24

RS1 IP:

    RIP:10.10.10.11/24    gw:10.10.10.1

RS2 IP:

    RIP:10.10.10.12/24    gw:10.10.10.1


1、Director安装ipvsadm

# yum install ipvsadm


2、RS1安装httpd

# yum install httpd

# echo "rs1.redhat.com" > /var/www/html/index.html

# service httpd start


3、RS2安装httpd

# yum install httpd

# echo "rs2.redhat.com" > /var/www/html/index.html

# service httpd start


4、Director配置集群(调度算法:RR)

# echo 1 > /proc/sys/net/ipv4/ip_forward

# ipvsadm -A -t 192.168.101.168:80 -s rr

# ipvsadm -a -t 192.168.101.168:80 -r 10.10.10.11 -m

# ipvsadm -a -t 192.168.101.168:80 -r 10.10.10.12 -m

# ipvsadm -L -n


5、浏览器访问:http://192.168.101.168


6、Director配置集群(调度算法:WRR)

# ipvsadm -E -t 192.168.101.168:80 -s wrr

# ipvsadm -e -t 192.168.101.168:80 -r 10.10.10.11 -m -w 3

# ipvsadm -e -t 192.168.101.168:80 -r 10.10.10.12 -m -w 1

# ipvsadm -L -n --stats


7、浏览器访问:http://192.168.101.168


8、保存规则

# service ipvsadm save

或者:

# ipvsadm -S > /etc/sysconfig/ipvsadm.web



VS/NAT Script:

#!/bin/bash

#

# chkconfig: - 88 12

# description: LVS Script for VS/NAT.

#

. /etc/rc.d/init.d/functions


VIP=192.168.101.168

DIP=10.10.10.1

RIP1=10.10.10.11

RIP2=10.10.10.12


CSTATUS1() {

    [ -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is running...\033[0m" && exit 1

}


CSTATUS2() {

    [ ! -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is not running...\033[0m" && exit 2

}


case "$1" in

  start)

    CSTATUS1

    echo -e "\033[32mStart VS/NAT of Director Server...\033[0m"

    # Set the Virtual IP address.

    /sbin/ifconfig eth0 $VIP netmask 255.255.255.0 up

    /sbin/ifconfig eth1 $DIP netmask 255.255.255.0 up

    # Director must open packet forwarding.

    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Clean all iptables rules.

    /sbin/iptables -F

    # Reset iptables counters.

    /sbin/iptables -Z

    # Clean all ipvsadm rules/services.

    /sbin/ipvsadm -C

    # Set VS/NAT, Scheduling is Round Robin.

    /sbin/ipvsadm -A -t $VIP:80 -s rr

    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -m

    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -m

    # Show VS/NAT status.

    /sbin/ipvsadm -L -n

    /bin/touch /var/lock/subsys/ipvsadm.lock

    ;;

  stop)

    CSTATUS2

    echo -e "\033[32mStop VS/NAT of Director Server...\033[0m"

    # Reset ipvsadm.

    /sbin/ipvsadm -C

    # Close VIP interface.

    /sbin/ifconfig eth0 down &> /dev/null

    # Close packet forwarding.

    echo 0 > /proc/sys/net/ipv4/ip_forward

    /bin/rm -f /var/lock/subsys/ipvsadm.lock

    ;;

  status)

    [ -e /var/lock/subsys/ipvsadm.lock ] && echo -e "\033[32mipvsadm is running...\033[0m" || echo -e "\033[32mipvsadm is not running...\033[0m"

    ;;

  *)

    echo -e "\033[32mUsage: $0 {start|stop|status}\033[0m"

    ;;

esac


你可能感兴趣的:(LVS,VS/NAT,模型配置)